{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP Group", "versions": [{"status": "affected", "version": "7.1.x < 7.1.30"}, {"status": "affected", "version": "7.2.x < 7.2.19"}, {"status": "affected", "version": "7.3.x < 7.3.6"}]}], "configurations": [{"lang": "en", "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable. "}], "credits": [{"lang": "en", "value": "By chamal dot desilva at gmail dot com"}], "datePublic": "2019-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-08T01:06:06", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"name": "FEDORA-2019-be4f895015", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"name": "FEDORA-2019-8c4b25b5ec", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=77973"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/issues/501"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"name": "RHSA-2019:2519", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "DSA-4529", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "openSUSE-SU-2020:0332", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"name": "FEDORA-2020-e795f92d79", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"name": "USN-4316-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4316-2/"}, {"name": "USN-4316-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4316-1/"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=77973"], "discovery": "EXTERNAL"}, "title": "Uninitialized read in gdImageCreateFromXbm", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@php.net", "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", "ID": "CVE-2019-11038", "STATE": "PUBLIC", "TITLE": "Uninitialized read in gdImageCreateFromXbm"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_value": "7.1.x < 7.1.30"}, {"version_value": "7.2.x < 7.2.19"}, {"version_value": "7.3.x < 7.3.6"}]}}]}, "vendor_name": "PHP Group"}]}}, "configuration": [{"lang": "en", "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable. "}], "credit": [{"lang": "eng", "value": "By chamal dot desilva at gmail dot com"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-457: Use of Uninitialized Variable"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2019-be4f895015", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"name": "FEDORA-2019-8c4b25b5ec", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"name": "https://bugs.php.net/bug.php?id=77973", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=77973"}, {"name": "https://github.com/libgd/libgd/issues/501", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/issues/501"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140118", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140120", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"name": "RHSA-2019:2519", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "DSA-4529", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "openSUSE-SU-2020:0332", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"name": "FEDORA-2020-e795f92d79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"name": "USN-4316-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4316-2/"}, {"name": "USN-4316-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4316-1/"}]}, "solution": [], "source": {"advisory": "", "defect": ["https://bugs.php.net/bug.php?id=77973"], "discovery": "EXTERNAL"}, "work_around": []}}}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2019-11038", "datePublished": "2019-05-28T00:00:00", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2020-04-08T01:06:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C257CC1C-BF6A-4125-AA61-9C2D09096084", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "56CFABDE-1BA0-42D1-B38E-A08F27B2BF16", "versionEndExcluding": "7.1.30", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "2537B4A2-025F-4641-AFCF-82E492378C12", "versionEndExcluding": "7.2.19", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91B8478-BF61-468E-A7CC-5F418DDF2EB6", "versionEndExcluding": "7.3.6", "versionStartIncluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "55242557-663C-4870-A439-4C8FEEB69E7F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "55E8AB88-2347-497B-91DE-AF64E08ED8F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "29AE5751-3EA5-4056-8E79-16D8DCD248EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "227AB4E0-7CD4-4094-BAA4-E98DC5279C97", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "6C734CEC-64F2-4129-B52E-C81884B3AC9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "282B31FD-C5BB-4D81-9F74-6670B42551D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "243B9B56-C744-4C1C-B42E-158C1B041B6A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."}, {"lang": "es", "value": "Cuando se usa la funci\u00f3n gdImageCreateFromXbm () en la Biblioteca de gr\u00e1ficos GD (tambi\u00e9n conocida como LibGD) 2.2.5, como se usa en la extensi\u00f3n PHP GD en las versiones de PHP 7.1.x debajo de 7.1.30, 7.2.x debajo de 7.2.19 y 7.3.x debajo 7.3.6, es posible suministrar datos que har\u00e1n que la funci\u00f3n use el valor de la variable no inicializada. Esto puede llevar a revelar el contenido de la pila que ha quedado all\u00ed por c\u00f3digo anterior."}], "id": "CVE-2019-11038", "lastModified": "2023-11-07T03:02:37.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-19T00:15:12.360", "references": [{"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"source": "security@php.net", "tags": ["Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=77973"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"source": "security@php.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/issues/501"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4316-1/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4316-2/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4529"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-457"}], "source": "security@php.net", "type": "Secondary"}]}

{}